Malware hijacks Windows update component
Hackers are always finding new ways of compromising system security by hiding files in just about every file type possible but this is a relatively new concept which shows the increasing “intelligence†of the hacking community. Malware can now be delivered to an already compromised system through the use of the Background Intelligent Transfer service (BITS) which is a component of Windows Update. Is nothing sacred?
The reason this works is because ALL firewalls automatically trust BITS which makes it easy to piggyback malware onto files being transferred by BITS and this automatically grants the file unlimited access to network resources or the system itself. No file transferred by BITS is scanned for malware or virus infections, everything is automatically trusted.
Although BITS has been directly affected, there is no reason to suspect that the Windows Update Service itself has been compromised in any way. Computer World spoke with Oliver Friedrichs of Symantec’s Security Response group and he said, “There is no evidence to suspect that Windows Update can be compromised. If it has a weakness, someone would have found it by now.†That’s probably true.
In case you’re curious BITS is part of every modern operating system based on NT code which started with Windows XP, was included with Windows Server 2003 and yes Vista has it as well.
The idea is that once a system has an infected file on it, it will use BITS to download just about anything it wants and install it into the system and because this happens in the background, you won’t notice it. Of course, a quick check of Task Manager could tell you, if you know what to look for.
The same remains true, don’t download files from unknown sources, don’t open email attachments from people you don’t know, don’t click on unknown links and keep up to date security software even if it requires you to pay for it, just do it.
I can see it now, security vendors will being building in protection systems for BITS, I’m not saying it would be a bad thing but downloads are bound to take longer if each incoming file is checked for malicious code or behaviors.
Related Posts:
March 7th, 2008
The Myths and Truths about Getting a Free Government Cash Grant…
The first question I always get concerning information about the granting process is “Can I really get a free government cash grant?” I try to ask the person exactly what they want to use the money for, and then I explain the types of programs availa…